fffca4234c
FIX: allow ampersand in site_texts routes
2019-07-15 16:39:57 +05:30
cbb4af124b
Fix the build.
...
Follow up to 4b0cf7f6dd28dbb9654903628f2b2d78113863d1.
2019-07-15 16:38:54 +08:00
ff66e62e0c
UX: ensures popup-tip shows over dropdowns (#7891)
2019-07-15 08:55:20 +02:00
4b0cf7f6dd
SECURITY: XSS when displaying watched words in admin panel.
...
The XSS here is only possible if CSP is disabled. Low impact since CSP
is enabled by default in SiteSettings.
2019-07-15 10:55:50 +08:00
a4234e9be0
DEV: Minor tweaks to Admin::WatchedWordsController.
2019-07-15 10:22:46 +08:00
ce8e099639
FEATURE: Use configured quotation marks in fancy topic title
2019-07-12 21:10:10 +02:00
8f89254554
FIX: Recalculate settings when dependent settings change
2019-07-12 21:10:10 +02:00
fb2df0b43b
Restore missing group admin interface strings
2019-07-12 10:12:11 -04:00
d3d88e8183
Fix typo (#7887)
2019-07-12 09:55:02 -04:00
7311eeed39
FIX: Use default locale for flag reasons
2019-07-12 12:04:23 +02:00
c4d1833588
FIX: Do not show bootbox if post has no replies. (#7866)
...
When we delete a post that has replies, we show a modal asking if the user wants to delete the post, the post and its direct replies or the post and all its replies.
If replies are deleted before a post, that modal would ask the user if they want to delete the post and 0 replies.
That commit ensures we skip the modal and directly delete the post in this case.
2019-07-12 11:42:57 +02:00
22e2631f29
copyedit on "get this discussion started"
2019-07-11 17:06:16 -07:00
4a095b286b
Follow-up for 9a11a8b3 to fix qunit tests
2019-07-11 23:56:22 +02:00
9a11a8b33b
FEATURE: Site setting for typographic quotation marks
...
Adds locale defaults for German and French
2019-07-11 23:19:28 +02:00
1d38040579
SECURITY: SQL injection with default categories
...
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.
The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event that bad data somehow
already exists.
2019-07-11 13:41:51 -04:00
afe922c30b
DEV: updates lodash to 4.17.13 (#7883)
2019-07-11 18:30:17 +02:00
c584a4569b
DEV: pulls lodash-cli from git, package is not pushed to npm (#7882)
2019-07-11 18:27:58 +02:00
550e811652
DEV: allows lodash to be updated with rake javascript:update (#7881)
2019-07-11 16:57:03 +02:00
9b0be303b4
SECURITY: Upgrade lodash
...
There is a security hole in lodash with prototype pollution. It's not
clear if Discourse is affected but to be on the safe side we will
upgrade right away.
Note that the front end Discourse does not appear to use `defaultsDeep`
in our custom build and should be protected.
2019-07-11 10:50:30 -04:00
2e548d3e7f
Revert "Build(deps): Bump lodash from 4.17.11 to 4.17.14 (#7880)"
...
This reverts commit 5224abee94e07f409ed90b2767a2982dbdd1033c.
- In retrospect a bot cannot sign the CLA. I will create a similar
commit
2019-07-11 10:37:18 -04:00
5224abee94
Build(deps): Bump lodash from 4.17.11 to 4.17.14 (#7880)
...
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.14.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.14)
Signed-off-by: dependabot[bot] <support@github.com>
2019-07-11 10:35:15 -04:00
fd4557a9ef
UX: Mobile editor style fixes (#7878)
2019-07-11 09:57:53 -04:00
25830c73be
Bump onebox version.
...
- use custom placeholder HTML for generic whitelisted oneboxes
- optimize usage of custom placeholder HTML
2019-07-11 18:31:51 +05:30
e0562a8172
UX: update placeholder for Tags Groups
2019-07-11 12:34:11 +05:30
aa7181820c
UX: Add title attribute and aria-label to PM icon link
2019-07-10 23:05:57 -04:00
bdaf07adcf
Hide empty anchor tag from screen readers
2019-07-10 22:39:25 -04:00
1983f0d06e
Don't load PM icon in title unless topic is a PM
2019-07-10 22:38:32 -04:00
b848bd4ddc
True should be a string to display properly in aria-haspopup
2019-07-10 22:02:21 -04:00
c76732722a
FIX: Turn off search logging when read-only (#7877)
...
If `SiteSetting.log_search_queries` is enabled 500 errors will occur
when searching if the master db is down. This fix allows searching to
still work under these conditions.
2019-07-10 17:05:31 -07:00
a49aa895d6
copyedit to shorten customize pills
2019-07-10 13:22:32 -07:00
bd35a8f334
FIX: ensures spinner is showing on tags/show when loading more (#7876)
...
Context: https://meta.discourse.org/t/issue-while-scrolling-down-after-selecting-a-tag-on-the-home-page/122542
2019-07-10 21:37:31 +02:00
142344e45d
FIX: ensures routing with hash doesn't stuck history (#7872)
...
* FIX: ensures routing with hash doesn't stuck history
Original issue: https://meta.discourse.org/t/hash-anchor-in-url-prevents-further-url-updates/122068/4
Basically when the path has a hash, state would be null, and nothing would happen.
* Update app/assets/javascripts/discourse/lib/discourse-location.js.es6
Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-10 20:43:03 +02:00
f89bd55576
Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
...
This reverts commit 8b2580e20fc508f4e639210f7e64cbf096f95cfc.
2019-07-10 11:38:51 -03:00
90fcdad3cd
UX: Discard selected post if it is not in viewport. (#7869)
...
This way, users can combine keyboard shortcuts with mouse scrolling.
2019-07-10 10:22:09 -04:00
8b2580e20f
FEATURE: admin/user exports are compressed using the zip format (#7784)
...
* FEATURE: admin/user exports are compressed using the zip format
* Update translations. Theme exporter now exports .zip file. Theme importer supports .zip and .gz files
* Fix controller test, updated locale and skip saving the csv export to disk
2019-07-10 11:13:03 -03:00
f0fea5991f
FIX: Latest Selenium gem broke Google Groups import script
...
Selenium uses Keep-Alive since version 3.141, so the net-http-persistent gem shouldn't be needed anymore.
2019-07-10 09:45:33 +02:00
629bb8adf2
SECURITY: XSS with title selector on preferences page
...
Note this is very low severity as the group needs to be created with a
default title that contains HTML, and group creation is restricted to
staff members right now.
2019-07-09 15:49:24 -04:00
6e22499e5f
Remove unused file resubscribe.html.erb
2019-07-09 15:17:33 -04:00
ab6ad220c7
DEV: Fix user simulator script.
2019-07-09 18:52:08 +03:00
5f0d38341e
FIX: Remapping during restore was wrong for CDN URLs
2019-07-09 17:34:41 +02:00
4c1b8c7559
FIX: Remap differently when backup comes from multisite
2019-07-09 16:11:32 +02:00
a65a9a85d5
FEATURE: Remap uploads during restore when S3 or CDN changes
...
In order for this to work the Backuper stores a couple of site settings
in the new backup_metadata table, because the old setting values might
not be available on restore anymore.
2019-07-09 14:04:16 +02:00
5ffb722999
DEV: Less verbose remapping
...
It's hard to see which columns have been remapped when remapping prints
lots of "0 rows affected" lines. This changes it to output the row count
only for affected columns.
2019-07-09 14:04:16 +02:00
f2dc59d61f
FEATURE: Add hidden setting to include S3 uploads in backups
2019-07-09 14:04:16 +02:00
9f5cfa192e
FEATURE: Allow Markdown in post notices. (#7864)
2019-07-09 14:42:02 +03:00
6b0cc9e22e
Marked flaky test
2019-07-09 10:45:11 +01:00
c3db5925a8
FIX: Turbo tests exit codes
2019-07-09 08:51:23 +01:00
f0f271cd5f
Bump onebox version.
...
- remove additional whitespace from Twitter onebox
2019-07-09 13:12:03 +05:30
f4dc6de9f1
FIX: Clear theme editor content on switching tabs
...
Issue happens when sending a null value to ACE Editor.
Fixed by sending an empty string to ACE instead of null.
2019-07-08 20:06:56 -04:00
324e182842
FEATURE: show login and signup button on no-ember layout (#7867)
2019-07-09 04:51:19 +05:30